I’m testing an internal API endpoint used on my website modernfoodcatering.com, and I’m running into a strange issue. The API works perfectly in production when called from the frontend, but when I try the same endpoint in Postman with the exact same API key and headers, I keep getting a 401 Unauthorized response.
I’ve double-checked the headers, environment variables, and even tried regenerating the key — still the same result. Is there anything in Postman (like SSL settings, redirects, or hidden headers) that could cause a mismatch between browser requests and Postman requests?
Any insights from others who faced similar API authentication inconsistencies would be appreciated.